updated 12:51 pm EDT, Wed July 11, 2012

Uses rare cross-platform attack method

A new piece of malware is targeting Mac, Windows, and Linux users all at the same time, note security firms F-Secure and Sophos. The code pretends to be a needed add-on; in reality victims are opening up a Java Archive file, which then detects the platform a person is using before connecting to a remote server to fetch additional code, creating a back door for hackers. The Mac version of the malware is identified by F-Secure as "Backdoor:OSX/GetShell.A."

Fully updated Macs should be immune to the attack, since the OS X code is actually a PowerPC binary. OS X Lion doesn't support Rosetta, the software needed for backwards compatibility with PowerPC applications. Even with OS X Snow Leopard, Rosetta is only an optional upgrade.

It's rare for malware to target several platforms simultaneously. Most hackers tend to concentrate on either OS X or Windows, and usually the latter. Although Macs are increasing in popularity, Windows users continue to represent a much larger target and therefore a more logical direction for the time and effort involved.

In other words: when it comes to security holes, Java is the new Microsoft Word, which had this kind of problem about a decade ago. (I remember seeing the headlines for the first cross-platform Word Macro Virus.) Well, that's hardly a surprise. The only real issue is that I expected Flash to have this kind of problem first.

Of course, those of us using 10.7 who haven't downloaded Java are safe from this, just as those of us who weren't using Microsoft Word were safe.

I think you're getting Java confused with JavaScript, which despite the similar name is completely different. JavaScript is ubiquitous on the web, but Java is very rare these days. Only one piece of software I use requires it for one particular function.